Why cryptome sold web logs to their paying customers?

Mirimir mirimir at riseup.net
Sun Oct 11 20:39:25 PDT 2015


On 10/11/2015 08:57 PM, Travis Biehn wrote:
> onion.link is an untrusted, upstream CDN, no?

Yes, so use Tor :)

> On Sun, Oct 11, 2015 at 10:50 PM, Mirimir <mirimir at riseup.net> wrote:
> 
>> On 10/11/2015 08:31 PM, Travis Biehn wrote:
>>> Your onion or your clearsite?
>>
>> What clearsite? One aspect of the design is that lighttpd runs in a VM
>> that can't see the Internet except through a Tor-gateway VM.
>>
>>> How do you establish that your onion and clearsite host the same content?
>>
>> Running a clearsite just doesn't work for me. It would paint too big a
>> target on the server. Anyone not using Tor can just use
>> <http://dbshmc5frbchaum2.onion.link/>.
>>
>>> How do you federate changes from your onion to your clearsite?
>>> What do you do if your clearsite gets seized and used to serve up TAO
>>> payloads?
>>
>> Don't have a clearsite :)
>>
>>> How do you prevent your upstream from logging the IP addresses that hit
>>> port 80 and 443? The size of those messages (you know the https sizing
>>> attacks which can reveal which particular pages your visitors are on,
>>> right)?
>>
>> Upstream = Tor. And sure, maybe Tor gets hosed.
>>
>>> How do you make your visitors aware of the above and more? How do you
>>> ensure that they saw your message?
>>
>> Look at my front page :)
>>
>>> -Travis
>>>
>>> On Sun, Oct 11, 2015 at 10:15 PM, Mirimir <mirimir at riseup.net> wrote:
>>>
>>>> On 10/11/2015 07:49 PM, Travis Biehn wrote:
>>>>> I'd rather have what you call 'lazy' over nothing.
>>>>
>>>> Look, I mean no disrespect to Cryptome. But I do think that there ought
>>>> to be a warning for users to protect themselves, if they don't want
>>>> their access logged by everyone and their little yellow dog.
>>>>
>>>>> The ideal is all distribution modes available: "Keep the info off the
>>>> dark
>>>>> web, off the deep web and in the search indexes."
>>>>>
>>>>> Cryptome shows up on google searches. Your onion does not.
>>>>
>>>> Well, Cryptome has been around for about 20 years, so hey ;)
>>>>
>>>> But Google is indexing it. And it shows up well enough in relevant
>>>> searches. But I haven't been promoting it very much.
>>>>
>>>>> -Travis
>>>>>
>>>>> On Sun, Oct 11, 2015 at 9:38 PM, Mirimir <mirimir at riseup.net> wrote:
>>>>>
>>>>>> On 10/11/2015 06:20 PM, Travis Biehn wrote:
>>>>>>> A billboard doesn't need much 'security.' *shrug*
>>>>>>
>>>>>> Well, there are the access logs ;)
>>>>>>
>>>>>> It ought to be an onion service, no? No sure bet, of course, but
>> better
>>>>>> than nothing. In my opinion.
>>>>>>
>>>>>> Putting it all on users is awfully lazy, I think.
>>>>>>
>>>>>>> Travis
>>>>>>>
>>>>>>> On Sun, Oct 11, 2015, 8:18 PM John Young <jya at pipeline.com> wrote:
>>>>>>>
>>>>>>>>
>>>>>>>>> I would not have expected Cryptome to be on shared hosting ;) But
>>>> yes,
>>>>>>>>> that would explain it.
>>>>>>>>
>>>>>>>> Shared is cheap, so are we. Shared is vuln, so are we. So are the
>>>> others
>>>>>>>> despite credentials and billion-dollar armaments and above all else
>>>>>>>> secrecy and shallow oversight. That explains it.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>
>>>
>>>
>>
> 
> 
> 



More information about the cypherpunks mailing list